(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property Organization 
International Bureau 

(43) International Publication Date 
10 April 2003(10.04.2003) 




(10) International Publication Number 

PCT WO 03/029934 Al 



(51) International Patent Classification'': 
H04L 29/06 



(21) International Application Number: PCT/GB02/04107 

(22) International Filing Date: 

10 September 2002 (10.09.2002) 



G06F 1/00, (72) Inventor; and 

(75) Inventor/Applicant (for US only): GHANEA-HER- 
COCK, Robert, Alan [GB/GB]; 140 Dover Road. 
Ipswich, Suffolk IPS 3RE (GB). 



(25) Filing Language: 

(26) Publication Language: 
(30) Priority Data: 



(74) Agent: NASH, Roger, William; BT GROUP LEGAL 
SERVICES, INTELLECTUAL PROPERTY DEPART- 
MENT, Holbom Centre, 8th Floor, 120 Holbom, London, 
Greater London ECIN 2TE (GB). 



English 

English Designated States (national): CA, JP, US 



01308337.3 
01308325.8 
01308321.7 
01308322.5 



28 September 2001 (28.09.2001) EP 

28 September 2001 (28.09.2001) EP 

28 September 2001 (28.09.2001) EP 

28 September 2001 (28,09.2001) EP Published: 



(84) Designated States (regional): European patent (AT, BE, 
CH. CY, DE, DK. RS, FI, FR. GB. GR, IE, IT. LU, MC. 
NL, PT. SE, TR). 



— with international search report 



(71) AppWcQM (for ail designated States except USJiBWriSa 

TELECOMMUNICATIONS PUBLIC LIMITED For two-letter codes and other abbreviations, refer to the "Guid- 



COMPANY [GB/GB]; 81 NEWGATE STREET, LON- 
DON. Greater Ijondon ECl A 7AJ (GB). 



ance Notes on Codes and Abbreviations" aj^aring at the begin- 
ning of each regular issue of the PCT Gazette. 



= (54) Title: AGENT-BASED INTRUSION DETECTION SYSTEM 



Admin 
System 



22 



GUI and Agent 
Management system 



20 



rIO 



Host Computer 



Agent 



O 



Host Computer 



Agent 



16 



Agent 



Host Computer 



Exchange of 
TAG Messages 



^4 



Network 



Agent 



Host Computer 



(57) Abstract: A computer security system uses a plurality of co-operating software agents (14) to protect a network against attack. 
Individual agenls (14) at each node (10) of the network co-operatively act to detect atUicks and to share attack signatures and solutions 
via a message exchange mechanism. A global internal measurement of the overall health of the group of agents may be used as an 
indicator of a possible attack. In larger networks, the agents may be formed a plurality of separate autonomous groups, with a 
common group identity being automatically maintained by the message passing mechanism. Individual groups may be located by a 
system designer in separate cells or domains within the network, so that if one cell becomes compromised the rest of the network is 
not affected. 



wo 03/029934 



PCT/GB02/04107 



1 

AGENT-BASED INTRUSION DETECTION SYSTEM 

The present invention relates to an intrusion detection system (IDS) for use 
within a computer network, and particularly to such a system that makes use 
5 of co-operative software agents. 

The advent In recent years of a number of Increasingly powerful macro 
vimses, some of which have port-scanning capabilities, has demonstrated the 
inadequacies of most cun-ent static and manually-controlled security 
10 mechanisms for protecting computer systems. As viral and other attacks 
become increasingly common, and increasingly sophisticated, traditional 
systems are unlikely to be able to cope. Such systems are insufficiently 
flexible, scalable or reactive to be able to deal effectively with new and 
potentially unknown security threats. 

15 ■ ■ . ■ ■ . 

In ah effort to tackle these problems, a number of authors have proposed 
constructing an intrusion detection system from a collection of co-operating 
software agents to provide distributed monitoring and detection. In one such 
system, proposed by Crosbie and Spafford, a distributed set of agents 

20 monitors network traffic and machine activity, including CPU utilisation. Their 
system also has agents exchanging anomaly reports between each other, with 
decisions to raise an intrusion alert being based on combined evidence from a 
number of agents. They utilise a fonn of machine learning based on evolving 
genetic programs in order to recognise new patterns of attack. See: Crosbie 

25 M. and Spafford E. "Defending a Computer System using Autonomous 
Agents". In 18^ National Infonnatlon Systems Security Conference, Oct 1995. 

Similar work by Carver et al focuses on the dynamic and adaptive response to 
varying levels of security threat using a distributed heterogeneous group of 
30 agents: Carver CA. HillJM Surdu J.R., and Poocli U.W., "A Metliodoiogy 



wo 03/029934 ' " ' • PCT/GB02/04107 

• -2 .' 

for using Intelligent Agents to provide Automated Intrusion Response," IEEE . 
Systems, Man and Cybernetics Information Assurance and Security 
Workshop. West Point. NY. June 6-7 2000, pp. 110-116. 

5 Work by hleimer et al demonstrates a multi-agent network defence system in 
whicli software agents monitor low-level network activity and report it to 
higher-level software agents for analysis: see Helmer G.G., Wong J.S.. 
Honavar V., and Miller L. "Intelligent agents for intrusion detection". In 
Proceedings, IEEE Infonnation Technology Conference, pages 121—124. 

10 Syracuse, NY, September 1998. 

Details of a specific architecture for an agent-based intrusion detection system 
Is described in Balasubramaniyan J., Jose Omar Garcia-Femandez, Spafford 
E., and Zamboni D. "An Architecture for Intnjsion Detection using Autonomous 
15 Agents". Department of Computer Sciences, Purdue University; Coast TR 
98-05; 1998. 

Work by Q; He and Sycara, although in the rather different field of PKI 
certificate management, discusses the use of encrypted KQML message 
20 exchange amongst a networked group of agents: see Q/ He and Sycara K.P. 
and Zhongmin Su, "A Solution to Open Standard of PKr, book, Australisian 
Conference on Information Security and Privacy, pages 99-1 1 0. 1998. 

The use of security agents to provide authorisations within a distributed 
25 environment is disclosed in Vijay Varadharajan. Nikhir Kumar and Yi Mu, 
Security Agent Based Distributed Authorization : An Approach. National 
Information Security Systems Conference. 21^ NISSC Proceedings: Papers 
October 6-9, 1998: Hyatt Regency - Crystal City, Virginia. 

30 The use of mobile agents to trace intruders Is disclosed in /W/don Asaka, 



wo 03/029934 



PCT/GB02/04107 



• . 3 

Shunji Okazawa and AtsushI Taguchi, "A Method of Tracing Intruders by Use 
of Mobile Agent", in Proceedings of the 9^ Annual Internetworking Conference 
(INET '99), San Jose, California, June 1999. 

5 Finally, a certain amount of research has been carried out into the use of 
immune system based models of security: see for example Hofmeyr S., & 
Forrest S. "Immunity by Design: An Artificial Immune System" PnDceedings of 
the Genetic and Evolutionary Computation Conference (GECCO), Morgan- 
Kaufmann. San Francisco, CA, pp. 1289-1296 (1999); and also Kephart J.O.. 

10 "A Biologically Inspired Immune System for Computers", Artificial Life IV, 
Proceedings of the Fourth International Workshop on Synthesis and 
Simulation of Living Systems, Robney A. Brooks and Pattie Maes, eds., MIT 
Press, Cambridge, Massachusetts, 1994, pp. 130-139. 

15 According to a first aspect of the present Invention there is provided a 
computer security system comprising a plurality of inter-communicating 
software agents together forming an agent group, the system maintaining and 
tracking a groupwide measure of agent status or behaviour, comparing actual 
behaviour pattems of the measure with known normal behaviour patterns and 

20 detemiining that a security threat does or may exist when the actual behaviour 
pattems diverge from nomrial behaviour patterns. 

According to a second aspect, there is provided a computer security system 
comprising a plurality of Inter-communicating software agents which co- 
25 operatively detemiine when a security threat does or may exist, the agents 
communicating by a message-exchange system in which, as messages pass 
between a first agent and a second agent, the ability of the first agent to 
recognise the second as friendly increases. 

30 According to a third aspect there is provided a computer security system 



wo 03/029934 ' ' * • PCT/GB02/04107 

4. 

comprising a plurality of Inter-communicating software agents together forming 
an agent group, the agents communicating by a message-exchange system In 
which, when one agent determines that a security threat does or may exist, 
that agent sends a warning message, including an anomaly pattem indicative 
5 of the threat, to other agents in the group. 

According to a fourth aspect there is provided a computer security system 
comprising a plurality of Inter-comniunlcatlng software agents which co- 
operatively detemilne when a threat does or may exist, the agents being 
10 divided up into a plurality of agent groups, each agent con-esponding with 
other agents in its respective group, but not agents in other groups, by a 
message-exchange system including the exchange of group-specific tags. 

In addition to a computer security system, the present invention further 
15 extends to a computer network Including such a computer security system, a 
method of operating a network and/or a computer security system, and a 
computer program embodying any such system or method. 

Cun-ent IDS systems rely on specific network or machine checkpoints to 
20 indicate the existence of an attack or a threat. This requires a separate 
specific sensing capability for every possible point of attack. While the 
system of the present invention, in at least some embodiments, also monitors 
a number of known entry checkpoints to the network, it may also monitor a set 
of internal (that is, intemai to the agent) and network state variables such as 
25 CPU load, traffic rates and service levels In order to calculate the cun^nt 
metabolic rate of the system and of each agent Instead of calculating the 
metabolic rate, the system could calculate any other convenient Intemai 
groupwide measure of agent status and/or behaviour. This may come either 
from the status or behaviour of separate agents and/or from status indicators 
30 or behaviour within a virtual private network on which the agents exist. In one 



Il t 

wo 03/029934 



PCT/GB02/04107 



5 • 

convenient embodiment, the system may monitor the quantity or frequency of 
message flows within that virtual private network. The invention, in its various 
embodiments, can therefore generate warnings, and preferably also take 
action, in response to novel and previously unknown intrusions. Where the 
5 agents reside on a virtual private network, the system may respond to 
intrusions both within that virtual private network (for example corruption of the 
agents) and/or intrusions on the networic which the agents are protecting. 

The tag exchange scheme of the prefen-ed embodiment is independent of any 
10 specific learning mechanism the agents may use, allowing different adaptive 
strategies and processes to be implemented within that framework. 

The messaging overhead can be very low, as each antibody tag in the 
prefenred embodiment is only a short sequence of bytes (typically less than 
15 500 bytes). 

The prefemed mechanism is very robust, in that if individual agents are 
damaged, the rest of the group may continue functioning. 

20 The preferred system is self-organising and in practical embodiments a 
distributed directory service may be used so that agents can locate other 
active agents and easily connect to them. 

By specifying new tag-identHying elements, an administrator may select for a 
25 number of sub-groups or cells to form within a network. This increases the 
robustness and the security of the system, as each group may be self- 
maintaining. 

A specific application domain for the preferred embodiment is in the defence of 
30 peer to peer (P2P) networks. The prefen-ed antibody exchange and agent 



wo 03/029934 



PCT/GB02/04107 



6 

processes easily operate over such P2P networks, and allow a high degree of 
security for both data and services. 

The invention may be carried into practice in a number of ways and one 
5 specific embodiment will now be described, by way of example, with reference 
to the accompanying drawings, in which: 

Figure 1 is a schematic view of a prefen-ed implementation; 
Figure 2 is an image of the agent spatial environment, in a simulation; and 
10 Figure 3 shows the social network connections between the ten most frequent 
trading partners encountered by each agent in the simulation. 

A schematic view of a practical embodiment of the invention is shown in 
Figure 1 . The system is designed to protect a number of host computers 10 
15 which are linked together by a network 12. This is achieved by a population 
of distributed software agents 14, residing on the host computers, and acting 
as smart monitors of hostile behaviours, attacks or Intrusions on the network. 

The agents communicate with each other by exchanging tag messages 18 (to 
20 be described in more detail below) which served not only to allow infomnation 
exchange but also to enable agents to identify one another. Agent to agent 
communication takes place not via the normal network channels but across a 
virtual private network 16. Since vims and other security threats will not 
normally have access to the virtual private network (which is protected by 
25 encryption), the agents can monitor viral and other activity on the public 
network communication channels without themselves being compromised. 
The virtual privatie network 16 provides a multi-agent platfonn, capable of 
secure inter-agerit communication, secure database access methods, and 
web browser administrative control. 

30 



wo 03/029934 ' . PCT/GB02/04107 

7 

Typically, agents are istatic, with one agent 14 running on each host computer 
10. However, more complex an^angements are envisaged, for example the 
possibility of having more than one agent per host computer or network 
device. In some embodiments, agents may be mobile, and able to move from 
5 node to node across the network. 

The preferred implementation includes a GUI and agent management system 
20, incorporating a variety of agent management tools. These tools are 
preferably centrally operated within the network, but are initiated via a web 
10 browser interface from any authorised server, so preserving the fully 
distributed advantages of the agent IDS. 

Each agent possesses a number of different sensors which enable it to make 
a variety of local measurements, some of which may relate to the local state of 

15 the physical network 12 and some of which to the local state of the agent itself 
or to the virtual private network 16. Individual agents may have sensors for 
such things as local CPU utilisation, local network traffic rates, local memory 
usage, agenf s internal state (e.g. the "health" of the agent), level of trade with 
other agents, agents success rate at communicating with other agents, email 

20 activity, write and read operations, memory addresses and so on. The overall 
purpose of the sensors Is to allow agents to detect, either individually or in 
combination with other agents, anomalous behaviour on the network, such as 
for example that which might be symptomatic of a vims attack, a wornn attack, 
or a denial of service attack. 

25 

If an individual agent detects a pattern of anomalous activity, it reports that fact 
to other agents across the virtual private network, and also (either on the 
virtual private network or on a public channel) to an admin system or system 
controller 22. Here, a human operator may review the alert and decide what 
30 action If any needs to be taken. 



wo 03/029934 ' ' • PCT/GB02/04107 

8 

Some patterns of anomalous activity may not easily be detectable by a single 
agent, and the present embodiment includes the facility for making macro- 
scale measurements across the agents, or across the virtual private network, 
5 and using those to trigger alerts or to cause defensive action to be taken. In 
the preferred embodiment (as will be described in more detail below) each 
agent has a "metabolic rate" which can be considered representative of the 
agent's "health" or "energy level". One or more user-nominated agents across 
the network records and measures variations in the average or collective 
10 metabolic rate of the entire agent population. Those nominated agents then 
compare the measured metabolic rate over a specific time interval to 
previously recorded patterns known to represent healthy network states. 
Variations from these previous "healthy" metabolic patterns may then raise an 
alert, to be fonA/arded to the admin system 22. 

15 

Alternative macro-scale sensors may be used to trigger alerts, or defensive 
action, based on a variety of agent-related variables. For example, the user- 
nominated agents may monitor the frequency of inter-agent messages to 
detect variations in this traffic. Such variations can be utilised as an indication 
20 of attacks on other agents (that is, as an indication that the virtual private 
network may have been compromised), or of possible attacks on the network 
resources of the agents' host machines 10. 

The admin system 22 may be automatically notified when the average or 
25 collective metabolic rate, or . other macro-scale measurement, exceeds a 
threshold value. Altematively, in more sophisticated embodiments, the 
system may include automated machine learning algorithms such as neural 
networics or genetic algorithms which learn and infer patterns of attack from 
changes in the metabolic rate or other measurement. 



30 



wo 03/029934 ' . '• • PCT/GB02/04107 

9 

In order to reduce the number of false positives being generated by the 
system (that is, incon-ectly identified intrusions), the 'system incorporates a 
group-voting scheme within the agent group, so that for example more than 
one agent must raise an intrusion event alert before the admin system 22 is 
5 notified. 

Each agent stores in its own local memory an intemal list of byte sequences 
which represent known or suspected anomaly patterns based upon the 
outputs of the various sensors that the agent has access to and/or to the 
10 macro-measurements being taken across the entire agent population. These 
"anomaly patterns" might, for example, be representative of the type of activity 
that is known to be indicative of viral or worm infections, firewall probes, or 
other known threat processes. The patterns may include, but are obviously 
not limited to, traditional vims/womi signature strings. 

15 

As the agent makes measurements with Its own local sensors and/or receives 
input across the virtual private network of macro-measurements, it constructs 
corresponding byte sequences which it dynamically attempts to match against 
its own internal list. If a match is found, the agent may apply any predefined 
20 defence strategy to proactively remove or deal with the threat. At the same 
time, the agent transmits the new anomaly pattern/signature to other agents 
by means of a tag message 18. This rapidly distributes knowledge of the 
potential threat throughout the community of agents. 

25 In a similar manner, any agent that knows how to deal with a particular threat, 
as indicated by a spedfic anomaly pattern, may transmit that information to (ie 
inoculate) other agents: This could be in the form of either data (e.g. the URL 
from which an agent can automatically download anti-viral software) or 
alternatively the software itself. 



30 



wo 03/029934 ' ' PCT/GB02/04107 

10 

Via the exchange of shared anomaly patterns, the agents create a group 
immune system which is far more resistant to attack than a collection of 
isolated detection systems or a centralised monitoring and detection system. 
In addition, as each agent may apply code or software processes itself in order 
5 to deal with or remove a detected attack, the network as a whole may be 
defended with much greater speed of response than either a manually 
updated anti-virus product or a centralised IDS. 

For example, with the present embodiment, an agent miay be able to take 
10 . immediate action to secure or to defend the network as soon as it becomes 
aware of an attack, even before a human operator has had a chance to take 
action. One approach, for example, would be for an agent automatically to 
isolate its host machine 10 from the network 12, and then to inform the user of 
the machine 10 that such an action had been taken due to hostile virus or 
15 womn activity. 

As previously mentioned, inter-agent trading takes place by exchange of tag 
messages 18. In addition to being a simple mechanism for exchange of 
information between agents, the message transfers are designed to enhance 
20 the process of cohesion and agent identification within the agent group. Via 
the dynamic interchange of encrypted tags, the agents are able to distinguish 
between authorised and unauthorised agents. 

In the anrangement shown In Figure 1, the agents are members of a single 
25 group, and are all capable of talking to each other. In a more complex 
network, however, there may be multiple groups of agents, with the agents of 
one group being able to communicate between themselves but not with the 
agents of a second group. By maintaining the internal cohesion of each 
group, the groups become better able to distinguish between "self and "non- 
30 seir. and therefore better able to identify messages from spurious non-friendly 



wo 03/029934 • '. *.. PCT/GB02/04107 

11 

agents which might have infiltrated the virtual private networl< 16. 

This approach enables a human administrator, if so desired, to suij-divide a 
large intranet domain into multiple sub-domains, each hosting a separate 

5 cohesive group of agents. Each agent sub-group then interacts only with its 
local group, as the neighbouring groups (or "cells") would be culturally 
separate due to their unique set of encrypted identifying tags. Hence, even if 
an attacic succeeds in penetrating one of the agenf s communities and 
subverts the agent in that group, it would still have to penetrate the remaining 

10 cells individually. In addition, if one cell is infected the neighbouring cells will 
be alerted by changes in the behaviour of that cell. 

Overall system knowledge of a potential threat may then come either from 
each cell separately, or from grouping information from several individual cells 
15 (eg by grouping the cell-based macro ihfonnation on the health, notional 
metabolic rate or other internal status indicator of the agents within each cell). 

In a practical embodiment, separation into individual cells can be achieved by 
installing a software agent at every node in the network, which can 
20 communicate over secure channels with other agents in the local group (as 
shown in Figure 1). Each node broadcasts hashed encoded objects or tag 
messages 18, which all other agents listen to. Messages intended for 
members of another group will not be understandable by a recipient agent, 
and are simply ignored. 

25 

The precise implementation of the inter-agent trading processes may be left to 
the designer of a specific system since the current invention, in its variety of 
forms, could make use of quite a large number of different approaches. It is 
preferred, however, that the trading system tends to enhance the 
30 cohesiveness of agents within a particular group and. over time, to cause all of 



wo 03/029934 



PCT/GB02/04107 



the agents within a group to converge or to become more similar In some way. 

That is achieved, in the preferred embodiment, by providing each agent with 
its own identify string, held in local memory. These identify strings may be 

5 exchanged within the message tags 18 between two agents who are 
sufficiently similar to allow trades to take place. When a trade occurs, each 
agent is allowed to replace one portion of its trading partner's Identify string 
with the con-esponding portion of its own string. As a result, over time, the 
identity strings of agents trading within a single social gnaup tend to become 

10 more similar. Agents trading within a different social group will, over time, 
tend to converge on a different identity string, thereby enhancing not only the 
cohesiveness of each individual group but also the distinctiveness between 
groups. 

15 Each agent is in the prefen-ed embodiment Initialised with a quantity of virtual 
energy (which we may call "spice"). During 6ach trading activity, an initiating 
agent transfers a given amount of spice to its trading partner. Spice is 
available only from other agents, and is required for agent survival. Hence, 
any agent with whom no agent wishes to trade will eventually die. 

20 

One of the possible intrinsic measurements that may be made on an individual 
agent is its "health" or "metabolic rate". Taken across the group of agents, the 
metabolic rate may provide one of the macro-scale measurements that the 
system may use to detect anomalous behaviour. In one embodiment, the 

25 agent population is dynamic, with new agents being created and automatically 
deleted once they have reached the end of their life. In such an embodiment, 
each agent stores locally a value representing Its "metabolic rate" (or 
alternatively its life expectancy). Whenever an agent detects or receives a 
pattern representative of some anomalous activity it first tries to pattern match 

30 to see whether that pattern can be identified from its own internally stored list 



wo 03/029934 * ^ . ' . PCT/GB02/04107 

13 

of known anomalous patterns/signatures. If it is able to matcli the pattern, it 
forwards details of the pattern and any solution to other agents in the group. 
However, if it is unable to match the unknown anomalous pattern (even after 
running appropriate local software including mutating algorithms applied to the 
5 anomalous pattern to enhance the possibility of a match) the metabolic rate of 
the agent is increased or, equivalently, its life expectancy is decreased. In 
that way, agents that are effective at identifying and dealing with new threats 
have an evolutionary advantage and, in time, come to dominate within the 
agent community. 

10 . 

In some practical implementations, particularly where it is desired to have a 
single agent continuously protecting each node within a computer network, it 
may be undesirable to have a dynamically varying population of agents. In 
such an embodiment, the agents may expend energy units by exchanging 

15 them for physical resources on their host machine. For example, a host 
computer might charge an agent a number of energy units for a fixed number 
of cycles of CPU time being used by the agent. In such an arrangement, the 
number of energy units held by agents within the community can be used as 
the macro-scale measurement of the overall "health" of the system. Such an 

20 arrangement also provides a means of resource control on the agents: it is of 
course desirable that any anomaly detection system should not impose 
excessive loading on the host machine resources. 

More generally, whether the number of agents is variable or fixed, the system 
25 can use any convenient macro-scale measurement, across the agents, which 
in some way represents the agents' health. Thus, any convenient measure 
could be used which allows a distinction to be made between "healthy" agents 
and "unhealthy" agents. The former will be those which have not previously 
faced attack, or which have successfully beaten off attacks; while the latter 
30 are those which are either cun-ently under attack or which have been 



wo 03/029934 



PCT/GB02/04107 



14 

weakened by previous attacks. 

In an embodiment in which the agents can specialise in particular aspects of 
system security, for example virus detection, an evolution mechanism may be 
5 incorporated. This allows agents to generate new agents via genetic 
recombination, these new agents then being selected against specific security 
requirements. 

A specific application for the described embodiment is in defending peer to 
10 peer (P2P) networks. P2P networks are currently difficult to secure using 
existing network security models as they bypass traditional firewall 
mechanisms, and they may span multiple corporate networks. The 
embodiment described operates easily over such P2P networks, enabling a 
higher degree of security for any data or services. 

15 Simulation: 

The specific description will be concluded with a brief description of a 
simulation of a system operating according to the principles set out above. It 
should be understood that the subsequent description relates to a computer 
simulation rather than an actual physical implementation of the invention. 
20 Some of the detailed mechanisms described (for example use of the 
"Sugarscape" model) were chosen for purposes of convenient simulation and 
do not necessarily represent the best or most efficient method for 
implementing such a system In a real-world environment. 

25 1. Experiments 

The multi-agent simulation was developed based on the REPAST agent toolkit 
from the University of Chicago. This package was selected in preference to. 
alternative social agent platforms e.g. Swamn Burkhart S., Burkhart R., -The 



wo 03/029934 



PCT/GB02/04107 



15 

Swarm Multi-Agent Simulation System" (OOPSU^) '94 Workstiop on Ttie 
Object Engine" 7 September 1994, as it offers a fast pure Java implementation 
with extensive support for visualisation, offline batch running and object 
management. 

We first constructed a two-dimensional discrete spatial world model in which a 
population of artificial agents could interact and moye, based on the 
Sugarscape model Epstein J., Axtell R.. "Growing Artificial Societies: Social 
Science from the Bottom Up" MIT Press, 1996. This model was selected as it . 
represents a suitable test case environment for investigating complex multi- 
agent simulations. In addition we wished to enable easy reproduction of the 
presented results. , 

2. Model Description 

The model is based on a population of agents, which are initialised randomly 
with the following set of variables: 

i) Vision - an agent can sense other agents and food objects within a 
specified radius from its own co-ordinates. Assigned randomly within a 
specified range e.g. 1-5 steps. 

ii) Metabolism - agents have an integer counter which represents their 
rate of energy consumption. Assigned randomly in a specified range. 
Can be increased if an agent is infected with a pathogen. 

iii) Lifespan - agents are initialised with a fixed lifespan, randomly 
assigned, typically between 20 - 200 time steps. 

iv) Sugar - agents require sugar to survive, which is an environmental 
resource. Sugar is distributed as in figure 1, and re-grows once 
consumed by an agent at some specified rate. The agenfs normal 
behaviour is to look around their local environment using a von Neuman 



wo 03/029934 • • , PCT/GB02/04107 

16 

neighbourhood and to move to the site with the highest sugar level. 
This naturally leads to the aggregation of agents in this particular 
landscape. Agents consume sugar by decrementing the value 
proportional to their metabolic rate. 

5 v) Spice - as described in the Epstein & Axtell model, a second 
commodity was introduced into the world which is only available from 
other agentsi and is . required for agent survival. Agents can only 
acquire spice when they engage In a trade interaction with another 
agent. The rules of trade are described in the following section. 

10 vi) Memory array -list of M most frequently used trading agents. 

vii) Immune system - agents have a string of N characters, which 
represents a simplified immune system. 

viii) Pathogens - agents may be initialised with a vector (dynamic Java 
array) of viral infections, composed of short random character strings. 

15 

3. Memes and Tags 

20 The model differs from the classic Sugarscape In the following ways: 

Agent Classes - there are nine separate social classes defined in the present 
model, based on an array of identifying cultural tags, (the classic model 
typically only uses two agent classes, Epstein and Axtell 96). The cultural tags 
25 are represented by an array of integer values between 0-9. The specific tags 
used by the agents were: 

Tag 1 is a group identifier, i.e. this tag defined the class to which an agent 
belongs. 

Tag 2 defines how much spice an agent will share during trade. 



wo 03/029934 



PCT/GB02/04107 



17 

Tag 3 has no direct role but is used to lielp measure cultural variance, 
during agent trade interactions. 

The visual interface colour codes agents according to the value of tag 1 . 

5 Cultural Variance - we measure variance between the agents by the 
summed difference between the tag values. In contrast the Sugarscape 
model uses binary tags and a Hamming distance measurement of cultural or 
social variance. An integer representation was selected as this maps into the 
large number of agent classes being operated on. 

10 



4. Dynamic Group Formation 

15 

The first experiments were designed to study under what conditions socially 
co-operative groups of agents would spontaneously develop, using the defined 
model. . 

20 5. Rules for Trading Interactions 

Each agent applied the following algorithm during its allocated time slot. 

Look in all neighbouring (von Neuman) cells to radius = vision parameter. 
25 If cell occupied then 

If agent is of similar class type then 
trade with agent in the cell 

and randomly flip one tag of agent to match own tag. 
Else ignore agent 
30 Else if cell unoccupied record amount of sugar present. 



wo 03/029934 * * . PCT/GB02/04107 

18 

Move to selected unoccupied cell with higliest sugar level. 

An agent receives an amount of spice equal to tlie second tag value T of the 
. agent it is trading with plus an amount specified by a gain factor G, 
5 representing the profit surplus, while the second agent loses an amount equal 
to T. The gain factor G was found to be a key parameter in enabling the 
formation of stable social groups. In addition, rate of group formation and 
lifespan of the resulting group was proportional to the value of G. For example 
in figure 2 a gain value of G = 10 results in very rapid group fomnation, i.e. 
10 . within 20 time steps. This result suggests that one element of group fomnation 
is an asymmetric gain function in any trading process, which underiles the 
need of the agents to co-operate. This appears intuitive, as a social group is 
itself an out of equilibrium structure. 

15 6- Social Network Structures 

In order to visualise what social relationships exist over time between the 
agents we generated networi^ graphs showing the connections between each 
agent and all of the agents cun-ently in its memory array. Figure 2 is a 

20 schematic view of the agent spatial environment, showing the development of 
two distinct social groups within a 50 x 50 model grid. Figure 3 shows the 
connections between each agent and all of the agents currently referenced 
within their memory an^ay. This social memory array of each agent contains a 
reference to the ten most frequent trading partners the agent has so far met. In 

25 figure 3, with no disease vectors the network displays high connectivity and is 
highly stable once fonned, i.e. it persists for a period several times longer than 
the lifespan of an individual agent. . 



30 



7. Immune System Development 



wo 03/029934 ' " ' . PCT/GB02/04107 

19 

The second stage of the work involved adding an artificial immune model to 
the agents, based on work by Epstein and Axtell {Epstein andAxtell 1996,^op 
cit). During each trade interaction between two agents, the initiating agent is 
passed a vector of N disease strings. Each string is a short sequence of 
5 . characters, which the receiving agent then attempts to find a match for from its 
internal immune system, (an large aray of character strings). Each string 
which the agents fails to match results In an Increment to its metabolic rate. 
This results in a gradual degradation of an agent's ability to survive and a 
reduction in its lifespan. The agents can also undergo random mutation of 
10 . elements in their immune system, in order to generate potentially novel "anti- 
body" solutions to current diseases in the population. 

Agents have the capability of exchanging a copy of the antibodies they have 
acquired with each agent that they trade with. The impact of allowing this co- 
operative inter-agent exchange to occur is considerable: the average number 
15 of social connections in the population was found to increase by more than a 
factor of two, indicating a significant increase in the agents' state of health. 
This is also reflected in greater stability and lifespan of their social groups. 

8. Analysis 

20 

From the above results we extracted the following conclusions: 

i) Through a virtual commercial trade process we created stable self- 
organising groups of agents, via inter-agent meme transfer. 
25 ii) The groups demonstrated resilience to invasion and competition by 
competing groups. 

iii) The groups displayed a collective immunity mechanism, allowing them 
to withstand frequent infection from external or internal agents. 



wo 03/029934 



PCT/GB02/04107 



20 

The metabolic conversions of such a cluster/group contribute to defining Its 
sense of self, (i.e. ability to recognise self-elements). Hence abnomfial 
perturbations of tlie metabolic rate is one method for agents to detect when 
attacks or Intrusions are in progress. 



wo 03/029934 



PCT/GB02/04107 



21 

CLAIMS: 

1. A computer security system comprising a plurality of inter- 
communicating software agents (14) togetlier forming an agent group, tlie 

5 system maintaining and tracldng a groupwide measure of agent status or 
beliaviour, comparing actual beliaviour patterns of the measure witli known 
normal behaviour patterns and determining that a security threat does or may 
exist when the actual behaviour patterns diverge from nonnal behaviour 
pattems. 

10 - 

2. A computer security system as claimed in claim 1 in which the measure 
is a value indicative of a collective variable for the group, or an average value 
for the agents (14) within the group. 

15 3. A computer security system as claimed iri claim 2 in which the system 
detemnines that a security threat does or may exist If the value moves outside 
a range of normal values. 

4. A computer security system as claimed in claim 2 or claim 3 in which 
20 the value is indicative of a notional metabolic rate of the agents within the 

group. 

5. A computer security system as claimed in claim 2 or claim 3 in which 
the value is indicative of a notional life expectancy of the agents within the 

25 . group. 

6. A computer security system as claimed In claim 2 or claim 3 In which 
the value is indicative of a notional energy level of the agents within the group. 

30 7. A computer security system as claimed in claim 2 or claim 3 in which 



wo 03/029934 " PCT/GB02/04107 

the value Is indicative of Inter-agent communication traffic, for example the 
quantity or frequency of messages being passed between agents. 

8. A computer security system as claimed in claim 2 or claim 3 In which 
5 the value Is indicative of the agents' success In attempting to communicate 

with other agents within the group. 

9. A computer security system as claimed In claim 2 or claim 3 In which 
the value Is indicative of any combination of notional metabolic rate, notional 

10 life expectancy, notional energy level. Inter-agent communication traffic and 
success in attempting to communicate with other agents. 

10. A computer security system as claimed in any one of the preceding 
claims in which the agents (14) reside on a virtual private network (16) and 

15 communicate on a separate channel from that used by devices on a computer 
network (1 2) being protected by the security system. 

11. A computer security system as claimed In claim 10 In which each agent 
Includes respective sensors, or Is ananged to receive infonnatlon for external 

20 sensors, which provide It with networi^ measures Indicative of a network (12) 
being protiected. 

12. A computer security system as claimed in claim 1 1 In which the networi< 
measures consist of or Include measures of memory utilization, network traffic, 

25 network writes, networi< reads, port probes, memory addresses, email activity 
or any combination thereof. 



30 



13. A computer security system as claimed In claim 10 or claim 1 1 1n which 
the system detennines that a security threat does or may exist in dependence 
upon a combination of the network measures and the actual behaviour 



wo 03/029934 



PCT/GB02/04107 



. • 23'. 
patterns of the groupwise measure. 

14. A computer security system as claimed in any one of tlie preceding 
claims in which each agent, individually, attempts to detect anomalous 

5 behaviour. 

15. A computer security system as claimed in claim 14 in which detected 
anomalous behaviour is converted into an anomaly pattern which the agent 
attempts to match against a local record of known anomaly patterns. 

10 • 

16. A computer security system as claimed in claim 15 when dependent 
upon any one of claims 4 to 6 in which, if the match fails and the agent cannot 
recognise the anomaly pattern its metabolic rate is increased, or Its (life 
expectancy or notional energy is decreased. 

15 

17. A computer security system as claimed in claim 14 or claim 15 In which 
the agent mutates the anomaly pattern, or the known anomaly patterns in its 
local record, as part of its attempts to match. 

20 18. A computer security system as claimed in any one of the preceding 
claims in which the total number of agents within the group is dynamic, with 
agents dying and new agents automatically being created. 

19. A computer security system as claimed in any one of claims 1 to 17 in 
25 which the total number of agents within the group is fixed. 

20. A computer security system as claimed in claim 19 In which there is 
exactly one agent per node of a computer network (12) being protected by the 
system. 

30 



wo 03/029934 ' *. ' . PCT/GB02/04107 

24 

21. A computer security system as claimed in any one of the preceding 
claims, when dependent upon claim 6, in which each agent expends notional 
energy according to the local computer resources it uses to perform its 
functions. 

5 

22. A computer security system as claimed in any one of the preceding 
claims, when dependent upon claim 6, in which during communication 
between the agents, a quantity of notional energy is transfen-ed from a 
transmitting agent to a receiving agent. 

10 . 

23. A computer security system as claimed in any one of the preceding 
claims in which a system controller is notified that a security threat does or 
may exist only when a given plurality of agents within the group determines 
that the threat does or may exist. 

15 

24. A computer security system comprising a plurality of inter- 
communicating software agents (14) which co-operatively detennine when a 
security threat does or may exist, the agents communicating by a message- 
exchange system in which, as messages pass between a first agent and a 

20 second agent, the ability of the first agent to recognise the second as friendly 
increases. 

25. A computer security system comprising a plurality of inter- 
communicating software agents (14) together forming an agent group, the 

25 agents communicating by a message-exchange system in which, when one 
agent determines that a security threat does or may exist, that agent sends a 
warning message, including an anomaly pattem Indicative of the threat, to 
other agents in the group. 

30 26. A computer security system comprising a plurality of inter- 



wo 03/029934 



PCT/GB02/04107 



25 

communicating software agents (14) which co-operatively determine when a 
threat does or may exist, the agents being divided up into'a plurality of agent 
groups, each agent corresponding with other agents in Its respective group, 
but not agents in other groups, by a message-exchange system including the 
exchange of group-specific tags. 



wo 03/029934 



PCT/GB02/04107 



1/2 











(D 






13 






duu 




+-» 

c 


o 




CD 


tc 




< 


CO 






o 






n: 









u 








CD 

4— • 






3 






mp 




c 


o 




0 


to 




O) 
< 


CO 






o 






















1 








0) 






4-« 






£ 




c 




E 


CD 




o 






O 






to 






o 






X 



SUBSTITUTE SHEET (RULE 26) 



wo 03/029934 



PCT/GB02/04107 



2/2 



Fig.2. 




SUBSTITUTE SHEET (RULE 26) 



INTERNATIONAL SEARCH REPORT 



Int^HPonal AppDeatlon No 

PCT/GB 02/04107 



A. CUSSIRCATION OFSUBJECT UATTER 
IPC 7 6O6FI/OO 



H04L29/06 



According to Inlemgtional Patent Clasatncalton (IPC) or to both naliona) claadncallon and IPC 



B. FIELDS SEARCHED 



Mlnlmuni documentation searched (dasslflcailon system foBowsd tiy dasslllcatlon symtiols) 

IPC 7 G06F H04L 



OoGumeniatlon searched othar than minimum documentation to the extent that such documents are Included In the fields searched 



Electronic data base consulted during the Intematbnal search (name or data base and, where practical, search terms used) 

EPO-Internal , WPI Data, PAJ 



C. DOCUMENTS CONSIDERED TO BE RELEVAhTT 



Category' Qtalion of ctocumenl with Indication, where apprapriate. cf the relevant passaoes 



Relsirant to daim No. 



MO 00 33034 A (KONINKL PHILIPS ELECTRONICS 

NV) 29 June 2000 (2000-06-29) 

abstract 

page 6, line 11 -page 7, line 7 
page 13, line 22 -page 14, line 12 
page 15, line 4 -page 16, line 4 



page 18, line 27 -page 19, line 4 

page 20, line 14 - line 30 

page 23, line 28 -page 26, line 32 



1-4,6-9, 
24 



10-15, 
19,20, 
22,23 



26 



m 



Further documents are fisted in the conllnuatbn of lx» 0. 



PstetA family members are listed tn annex. 



* Special caiegorles of dted documents : 

*A* document dormlng iho general stale of the art which Is not 
considered to be oi particular relevance 

'E* earUsr document tnil putillshed on or aner the International 
filing date 

*L* document which may throw doubts on priority clalm(s) or 
which Is died lo establish the pubOcalfon dale of another 
dlalion or other epcdal reason (as specified) 

'0* document refemng to an oral disclosure, use, exhibition or 
Olhor moans 

'P* documont published prior to the intemaSonal flUngdate but 
later than the priority dale dabned 



*r laterdocument published after the international filing date 
or priorfiy date and not in conflict wRh the application but 
dted lo understand the principle or theoiy undertyhg the 
Invention 

"X' document of particular relovanoo; the claimed inventbn 
cannot be considered novel or cannot be considered lo 
involve an tnventlve step when the document b taken alone 

*y* document of particular relevance; (he claimed Invordbn 
cannot be considered to Involve an inventive step when the 
document Is combined with one or more other such docu- 
ments, such combination being obvious to a person sMUed 
In the art 

'&' document member of the same patent family 



Date of the actual compleUon of the Inlematbnal search 



1 November 2002 



Date of moiling of the Intematlonol search report 



08/11/2002 



Name and mailng address of the ISA 

European Patent Office, P.B, 5818 Palemlaan 2 
NL-2280HVRiJswijH 
TeL (431-70) 340-204a T^. 31 651 epo nl. 
Fax: (fO1-70) 340-3016 



Authorized offloBr 



Powell, D 



Fomt PCT/IGAO10 (cBcmd shMl) Udy 1062) 



INTERNATIONAL SEARCH REPORT 



Int^Wonal Application No 

PCT/GB 02/04107 



C.(Contlnuat(on) DOCUMENTS CONSIDEREO TO BE RELEVANT 




Relevant to claim Na 



Y 



WO 00 70463 A (L 3 COHM CORP) 
23 November 2000 (2000-11-23) 
abstract; figures 1,3,4 



10.19. 
20,22 



page 7, line 7 - line 26 
page 9, line 1 - line 12 
page 11, line 3 -page 12, line 



6 



Y 



US 5 621 889 A (EMERY THIERRY 
15 April 1997 (1997-04-15) 
abstract; figure 2 
column 2, line 9 - line 55 
claims 1-17 



ET AL) 



11-15 



Y 



CROSBIE M ET AL: 



DEFENDING A 



COMPUTER . 



23 



SYSTEM USING AUTONOMOUS AGENTS" 
NATIONAL INFORMATION SYSTEMS SECURITY 
CONFERENCE, XX. XX, 

October 1995 (1995-10), pages 549-558, 
XP001059892 

cited In the application 
the whole document 
A 26 

Y WO 99 57625 A (PRC IMC ;HUFF JULIE LYNN - 25 . 
(US); JACKSON SHEIU ANN (US); SHELANSKEY) . 

11 November 1999 (1999-11-11) 
the whole document 

Y WO 00 54458 A (ROWUND CRAIG :PSIONIC 25 
SOFTWARE INC (US)) 

14 September 2000 (2000-09-14) 
the whole document 

A EP 0 985 995 A (IBM) 15 

15 March 2000 (2000-03-15) 
the whole document 



fam FCT«SM2ta (onAniallcn gl noand (hMl) (Jily igg^ 



INTERNATIONAL SEARCH REPORT 
"information on patent famll/ members 



(nt^MonalAppnostlon No 

PCT/GB 02/04107 



Patent document 
died In saaich report 


PubncaUon 
date 


Patent feuidly 
nieinber(s) 


Publication 
dale 


WO 0038034 A 


29-06-2000 


US 


6330588 Bl 


11-12-2001 






AU 


1387400 A 


12-07-2000 






CN 


1298499 T 


06-06-2001 






WO 


0038034 Al 


29-06-2000 






EP 


1057097 Al 


06-12-2000 



WO 0070463 A . 23-11-2000 AU 4833300 A 05-12-2000 

AU 4833400 A 05-12-2000 

WO 0070463 Al 23-11-2000 

MO 0070464 Al 23-11-2000 



US 5621889 A 15-04-1997 FR 2706652 Al 23-12-1994 

CA 2125445 Al 10-12-1994 

DE 69428631 Dl 22-11-2001 

DE 69428631 T2 08-08-2002 

EP 0629940 Al 21-12-1994 

ES 2164091 T3 16-02-2002 

NO 942108 A 12-12-1994 



WO 9957625 


A 


11-11-1999 


US 


6408391 61 


18-06-2002 








AU 


3768899 A 


23-11-1999 








CA 


2331566 Al 


11-11-1999 








GB 


2353885 A 


07-03-2001 








UO 


9957625 Al 


11-11-1999 


WO 0054458 


A 


14-09-2000 


US 


6405318 81 


11-06-2002 








AU 


3737400 A 


28-09-2000 








WO 


0054458 Al 


14-09-2000 


EP 0985995 


A 


15-03-2000 


EP 


0985995 Al 


15-03-2000 



Fom PCT;isA/310 (paionl lamliy omet) (July 1BB2) 



